Police Federation Confirms Ransomware Breach

The Police Federation of England and Wales (PFEW) has confirmed that it has suffered a ransomware attack, but has said that it was not specifically targetted and was likely to have been impacted as part of a wider campaign.

The ransomware attack has apparently only impacted computers at its headquarters in Surrey, and the PFEW said that it does believe that any data has been stolen.

The attack comes just after a ransomware attack this week crippled the huge Norwegian aluminium producer Norsk Hydro, forcing it to switch to ‘manual operations’.

Police Federation

The PFEW meanwhile confirmed the ransomware attack in a Twitter statement.

“We can confirm we have been subject to a malware attack on our computer systems,” it warned. “We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading.”

It said that BAE Systems’ Cyber Incident Response division has been brought in to access the impact and scale of the attack. All relevant authorities have also been notified.

“There is no evidence at this stage that any data was extracted from the organisation’s systems, although this cannot be discounted and PFEW are taking precautions to notify individuals who may potentially be affected,” said the association.

The Police Federation is made up of 120,000 constables, sergeants, inspectors and chief inspectors across 43 police forces.

And some police members reportedly are angry it has taken 12 days for the Federation to inform its members, and took to Twitter to complain.

It is reported that a number of databases and email systems have been encrypted by the criminals, and backups are also said to be impacted.

Expert reaction

Security experts have offered their thoughts on the attack and one has pointed out that new types of cyber defences are needed that can evaluate both external and internal threats.

“The fact that the UK Police Federation has fallen victim to a ransomware attack shows that no system, not even those being defended by industry experts, is invulnerable,” said Max Heinemeyer, director of threat hunting at Darktrace.

“In the wake of this week’s Norsk Hydro attack, we are seeing a slight resurgence of ransomware. The danger is that these attacks don’t have to be technically sophisticated to be devastating,” said Heinemeyer. “They often abuse systematic weaknesses such as software vulnerabilities, outdated patches and weak administrative credentials. We have even seen some late strains of ransomware with a surprisingly low detection rate by commercial antivirus software.”

“Clearly, building walls is no longer enough,” he concluded. “Organisations across all sectors will have to adopt AI defences, to catch attackers already on the inside.”

Another expert said the case highlighted the need for organisations to have appropriate planning in place, in case the worst should happen.

“Every organisation should have a plan in place for a successful ransomware attack,” said Tim Erlin, VP of product management & strategy at Tripwire. “While prevention is preferred, the reality is that no security control is perfect.”

“The key to responding to a ransomware attack is to detect quickly, limit the spread and restore systems back to a trusted state,” said Erlin. “Functional backups are key to recovery, but so is a clear understanding of how systems are configured. Finally, restoring from backups is only useful if you can close the attack vector that allowed the ransomware to gain a foothold in the first place.”

Another expert also pointed to the need to ensure backups are safe and secure.

“Law enforcement agencies such as the UK’s Police Federation should maintain regular and constant backups of important files and consistently verify that the backups can be restored,” said Israel Barak, CISO at Cybereason.

“Organisations should also educate their employees on refraining from downloading pirated software or paid software offered for ‘free,’ as humans are the single biggest asset cyber criminals have in extorting money from businesses,” said Barak. “Lastly, organisations should deploy advanced anti-ransomware technology to prevent the effective execution of ransomware and help to make cybercrime a less profitable and attractive business.”

This point about appropriate defences was also picked up by another expert.

“While ransomware may have appeared to slow down, it still remains a large threat to many organisations,” said Javvad Malik, security advocate at AT&T Cybersecurity. “Therefore, it is essential that companies put in place, not just detection controls to alert where there may be a ransomware infection, but also have response controls and procedures in place.”

“Preferably automated and orchestrated responses so that affected machines can be quarantined quickly to prevent widespread,” said Malik. “Having reliable threat intelligence can also help in the quick identification of any ransomware or other malware.”

Do you know all about security? Try our quiz!
https://www.silicon.co.uk/security/cyber-security-2017-205701

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

4 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

5 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

5 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

6 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

6 hours ago

EU Opens TikTok Probe Over Election Interference Claims

European Commission opens formal probe into TikTok after Romanian first-round elections annulled over Russian interference…

7 hours ago